This forum is now a read-only archive. All commenting, posting, registration services have been turned off. Those needing community support and/or wanting to ask questions should refer to the Tag/Forum map, and to http://spring.io/questions for a curated list of stackoverflow tags that Pivotal engineers, and the community, monitor.

Question on authentication success handler

Jun 7th, 2010, 12:31 PM

We have a hidden login form on the most of pages. It will show up when a user click the signin link. We also have a login page for the situation when an anonymous want to access user restricted pages. (We would like to have the login form pops up instead of the login page. However, it doesn't seem to be doable to trigger a Javascript code with a URL.) With the following SS configuration, we have a desired behaviour for enforced login.

Comment

Peter Mularien | Blog
Author, Spring Security 3 (Book) - Packt Publishing, Available in print and eBook form
SCJP 5, Oracle DBAAny postings are my own opinion, and should not be attributed to my employer or clients.

In the 3.0 version, AuthenticationProcessingFilter is renamed as UsernamePasswordAuthenticationFilter. After having the following in the configuration file, I need to put the filter inside of the http block.

Filter beans '<authenticationFilter>' and 'Root bean: class [org.springframework.security.web.authentication.Us ernamePasswordAuthenticationFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0;
dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null' have the same 'order' value. When using custom filters, please make sure the positions do not conflict with default filters. Alternatively you can disable the default filters by removing the corresponding child elements from <http> and avoiding the use of <http auto-config='true'>.

Comment

Peter Mularien | Blog
Author, Spring Security 3 (Book) - Packt Publishing, Available in print and eBook form
SCJP 5, Oracle DBAAny postings are my own opinion, and should not be attributed to my employer or clients.

Comment

If you're replacing the form login filter, you need to remove the <form-login> tag. Ref: Link

So what you say is that I need to use the security:http tag instead? If so, what are the equivalent of property login-page and authentication-failure-url of the form-login tag? I scan over the reference documentation and can't find the information.